Colleagues, I hope you are enjoying your summer and have had or are planning a break. Summer breaks help us maintain a healthy balance of rest and work.
Speaking of balance, over a recent beach vacation, I had time to study Tom Baxter’s article on the current role of lawyers in financial institutions: The Rise of Risk Management in Financial Institutions and a Potential Unintended Consequence – The Diminution of the Legal Function. Tom analyzes the effect of well-intended post Crisis regulatory governance changes on legal departments. Starting with the three lines of defense, the UK Senior Manager Regime, and heightened standards, Tom examines how the roles of compliance and risk are well defined, while the role of legal is not. Tom also looks to the impact of defining legal risk as a subcategory of operational risk and the prevailing supervisory view that compliance should not report to legal. In Tom’s view, the collective effect of the changes is an increase in the role of risk and compliance and a reduced role for lawyers.
The article has attracted interest from General Counsel as well as their staff and rekindled a long simmering debate in our industry. At a recent breakfast with a senior industry colleague, we discussed Tom’s article and, both of us being of a certain vintage, recalled the 2006 report of a City Bar blue ribbon task force on corporate governance, in which distinguished judges and practitioners considered the then recent spate of corporate scandals (e.g., Enron and World Com). The task force opened its report with Judge Sporkin’s reaction to the Lincoln Savings failure: “Where were the lawyers?” The task force concluded that ‘[t]he role of the General Counsel of a public company is central to an effective system of corporate governance” and recommended changes to enhance the power of in-house lawyers. Fascinating to consider that just over a decade after the City Bar report, we are now debating where the lawyers have gone.
The time has come to consider revising and better defining the role of legal not only within the lines of defense, but also under the bank regulators’ “heightened standards.” Any supervisory view of organizational structures should look to the institution it serves as opposed to a one size fits all approach. While we are at it, let’s also debate why legal risk should not be its own category, rather than swept into a subcategory of operational risk. On the latter point, the timing is auspicious. The Institute of Internal Auditors has issued a draft revision of the lines of defense and as in the original version, lawyers are not mentioned.
Without improving the current governance construct to explicitly include a legal role, managers may look to their risk functions for legal judgments. Risk should not serve as a filter for the advice of counsel. Risk is not qualified to offer legal judgments on its own and generally its views cannot be privileged. There are also issues uniquely addressed by legal, such as the potential for criminal liability, that go beyond typical risk and compliance considerations. As an industry, if we diminish or exclude legal, we risk losing focus on a key driver of real losses in the post Crisis enforcement period.
While the forgoing is debated, legal functions should consider a few actions and processes to remain fully engaged with management. In my experience, structured, disciplined, and informative reporting processes for legal risk that reaches through the organization can be an effective way to remain engaged. Dashboards, top 10 lists, and regular meeting routines help to keep legal risks in front of management. As the City Bar recommended, “[p]rocesses and procedures should be put in place to ensure that internal lawyers of appropriate seniority are involved in decisions on matters involving disclosure or other legal risk. For example, a company should insure that internal lawyers are present at appropriate meetings or are members of relevant committees.” The legal role is greatly enhanced if management is generally aware of the legal rules for the businesses they manage. Offering the businesses, and most importantly emerging leaders, training on the basic laws and regulations yields significant dividends. Finally, in-house lawyers should also make every effort to engage with risk and compliance functions to understand their reporting and where it is covering legal risk.
At Moore & Van Allen, we continue to engage industry leaders and our clients on the role of legal in corporate governance. We offer boot camps and other learning sessions to teach helpful strategies and tactics.
If you are still looking for a summer read, I am enjoying Phil Knight’s memoir, Shoe Dog. Well done business and personal journey story. Enjoy the rest of your summer.
Ed O’Keefe, former Global General Counsel of Bank of America Corporation, advises and represents financial institutions. Having also headed or served as a senior executive with Bank of America’s compliance, technology, human resources and operations functions, O’Keefe’s broad experience includes all aspects of investigations litigation, regulatory compliance, governance, cybersecurity, risk management and compensation. O’Keefe’s practice includes advising on all aspects of regulatory compliance, including BSA/AML, anti-bribery/anti-corruption, resolution planning, stress testing and responding to regulatory inquiries. He also advises General Counsel and their leaders on law department management, including engagement with regulators and control functions. A former Deputy General Counsel for Deutsche Bank AG and Chair of The Clearing House Association, O’Keefe has represented financial institutions before the U.S. Congress and the U.K. financial regulatory authorities, global agencies and courts, as well as the Federal Reserve, the Department of Justice, the Securities and Exchange Commission, the Office of the Comptroller of the Currency, the Consumer Financial Protection Bureau, the Federal Deposit Insurance Corporation and the Equal Employment Opportunity Commission. View Mr. O’Keefe’s full bio.